This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-joomla25-12.1-squeeze-i386-ovf.zip.sig gpg: Signature made Tue Jun 4 21:17:01 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum 5e8d644b1e81bda45b66ed62a09506a9f353fe43 * md5sum 9ae0ed8dffe51e2378f99b8d1201c808 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrlk+AAoJEIXCXpWhbrlNwr8IAIdbnPX6Ev8+U1wxvmhPzi4h HSZ2lMNg1YbaC7o4/4qn5OeW9SO/QWHhKj/f6AW1XHyw5v1mcKU/IzxeIvP4tgWA CbN4I+GEnAxelH5H3sw32ZBlKiP2zVIOTQFJRx/L+iEBrYDvJbRqgbaglUbBzAKG uyvRz9RtSrqFG++X0JFJLpohVAFgNFxdbldwqq5EtsRXKswZ4QjVAHndx/ItmJpx 9XBoKLrlfr5pLvfNCyIql3qJpq93eIzKj4NDiPiS9W4ZoTFGc8HklU6BLDUwnko6 h+1A2olh2XJKiVPe+BW1kcFrWPbMw3nX5S0tGnFpPHK+n6biQZkij8M+TqOqEi4= =je5I -----END PGP SIGNATURE-----